Hmm, this is an interesting point. Setting the protected=true flag on the image seems like a good solution, except I don't see any kind of force delete option for images. Would a user be able to change the protected value from true to false if they really knew what they were doing and wanted to delete the snapshot image? It's unclear to me from reading the docs on updating an image and the image schema:
https://developer.openstack.org/api-ref/image/v2/index.html#update-image
https://developer.openstack.org/api-ref/image/v2/index.html#show-image-schema

This should probably be discussed on the mailing list to get wider input as this would also be an API behavior change for shelve.

** Tags added: shelve

** Changed in: nova
   Status: New => Opinion

** Changed in: nova
   Importance: Undecided => Wishlist

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1807110

Title:
Shelved instance image/snapshot is not protected from deletion

Status in OpenStack Compute (nova):
Opinion

Bug description:

When shelving an instance with nova storage (instead of boot from volume), a glance snapshot of the VM is created before it is shelved. The user is free to delete this snapshot with no warning, indication or error that the snapshot is needed by the shelved instance other than the name (being VMNAME-shelved).

Shelved images should be protected from deletion, ideally by indicating they are in use by the shelved instance or at the very least we could set (and perhaps not allow unsetting) the 'protected' flag.

This results in data loss when the user inadvertently deletes the snapshot, not realizing it is required for the shelved instance. While it's technically user-induced and not spontaneous, a reasonable user would expect a warning or indication in such a case.

This bug probably crosses over into glance rather than just nova, however, nova would likely need to at least partially orchestrate such a protection, so I am filing the bug against nova initially.
== Steps to reproduce ==

(1) openstack server create --flavor m1.small --image xenial --network tenant --wait test-a
(2) openstack shelve test-a # wait
(3) openstack image delete test-a-shelved --wait # Received: NO ERROR, Expected: ERROR
(4) openstack server unshelve test-a # ERROR (cannot find image)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1807110/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
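An operator-side audit for the gap this report describes, as an added example that is not part of the bug report or of nova: it matches shelved servers to their snapshot by the VMNAME-shelved naming convention mentioned above and flags snapshots that are missing or not protected. The record layout, the function name and the sample data are assumptions made for illustration.

```python
import json

SHELVED_STATES = {"SHELVED", "SHELVED_OFFLOADED"}

# JSON-patch body for the Glance v2 "update image" call linked in the thread;
# sending it sets the image's 'protected' property to true.
PROTECT_PATCH = json.dumps([{"op": "replace", "path": "/protected", "value": True}])


def audit_shelved_snapshots(servers, images):
    """Return (server_name, finding, image_id) for every shelved server.

    finding is one of:
      "missing"     - no '<name>-shelved' image exists, so unshelve will fail
      "unprotected" - the image exists but can be deleted without an error
      "ambiguous"   - several images share the name, check by hand
      "ok"          - exactly one matching image and it is protected
    """
    by_name = {}
    for img in images:
        by_name.setdefault(img["name"], []).append(img)

    findings = []
    for srv in servers:
        if srv["status"] not in SHELVED_STATES:
            continue  # only shelved servers depend on a snapshot image
        candidates = by_name.get(srv["name"] + "-shelved", [])
        if not candidates:
            findings.append((srv["name"], "missing", None))
        elif len(candidates) > 1:
            findings.append((srv["name"], "ambiguous", None))
        elif not candidates[0]["protected"]:
            findings.append((srv["name"], "unprotected", candidates[0]["id"]))
        else:
            findings.append((srv["name"], "ok", candidates[0]["id"]))
    return findings


# Constructed sample records (hypothetical layout, not real deployment data).
SERVERS = [
    {"name": "test-a", "status": "SHELVED_OFFLOADED"},
    {"name": "test-b", "status": "SHELVED"},
    {"name": "test-c", "status": "SHELVED_OFFLOADED"},
    {"name": "test-d", "status": "ACTIVE"},
]
IMAGES = [
    {"id": "img-1", "name": "test-b-shelved", "protected": False},
    {"id": "img-2", "name": "test-c-shelved", "protected": True},
    {"id": "img-3", "name": "xenial", "protected": False},
]

if __name__ == "__main__":
    for name, finding, image_id in audit_shelved_snapshots(SERVERS, IMAGES):
        print(name, finding, image_id or "-")
```

Because the match is by name only, a renamed snapshot shows up as "missing"; treat that finding as a prompt to check the instance rather than as proof of data loss.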

